diff options
author | Adam Langley <agl@imperialviolet.org> | 2008-07-31 23:49:48 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-31 23:49:48 -0400 |
commit | 90b7e1120bb43ffaabb88d28f80a0c2e13167b15 (patch) | |
tree | 5264787eb3c303186cff15bfd6b7ebef2a3ecb7b /net | |
parent | 77e2f14f71d68d05945f1d30ca55b5194d6ab1ce (diff) |
tcp: MD5: Fix MD5 signatures on certain ACK packets
I noticed, looking at tcpdumps, that timewait ACKs were getting sent
with an incorrect MD5 signature when signatures were enabled.
I broke this in 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d ("tcp: Fix
MD5 signatures for non-linear skbs"). I didn't take into account that
the skb passed to tcp_*_send_ack was the inbound packet, thus the
source and dest addresses need to be swapped when calculating the MD5
pseudoheader.
Signed-off-by: Adam Langley <agl@imperialviolet.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 4 | ||||
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index b3875c0d83c7..91a8cfddf1c4 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -655,8 +655,8 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack, | |||
655 | rep.th.doff = arg.iov[0].iov_len/4; | 655 | rep.th.doff = arg.iov[0].iov_len/4; |
656 | 656 | ||
657 | tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset], | 657 | tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset], |
658 | key, ip_hdr(skb)->daddr, | 658 | key, ip_hdr(skb)->saddr, |
659 | ip_hdr(skb)->saddr, &rep.th); | 659 | ip_hdr(skb)->daddr, &rep.th); |
660 | } | 660 | } |
661 | #endif | 661 | #endif |
662 | arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, | 662 | arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 1db45216b232..1bcdcbc71d68 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -1094,8 +1094,8 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 | |||
1094 | *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | | 1094 | *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | |
1095 | (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); | 1095 | (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); |
1096 | tcp_v6_md5_hash_hdr((__u8 *)topt, key, | 1096 | tcp_v6_md5_hash_hdr((__u8 *)topt, key, |
1097 | &ipv6_hdr(skb)->daddr, | 1097 | &ipv6_hdr(skb)->saddr, |
1098 | &ipv6_hdr(skb)->saddr, t1); | 1098 | &ipv6_hdr(skb)->daddr, t1); |
1099 | } | 1099 | } |
1100 | #endif | 1100 | #endif |
1101 | 1101 | ||